Kashmir Hill reports an all-too-common scenario, this one involving security researcher Kristian Erik Hermansen:
1. White-hat hacker discovers vulnerability, tries to notify responsible party.
2. White-hat hacker gets nowhere despite numerous attempts to contact responsible party.
3. White-hat hacker discloses publicly.
4. Responsible party pays attention but is more focused on covering up problem.
5. The FBI threatens the white-hat hacker.
Bah. How many times have I written that every site should have a clearly posted/dedicated phone number or email address to report security problems? Maybe if sites took my sage advice, we wouldn’t have so many of these situations.
Read Kash’s report on Forbes.